"Hiemstra, Brenno" wrote:
> Because Checkpoint uses "stateful inspection" (only from SP2 true stateful
> inspection) the traffic should be allowed to come in too (because the
> connection is in the firewall's state table)
Someone can correct me if I'm wrong, but doesn't FW-1 simply keep in its state
table the outgoing (UDP) connection tuple, and open a window to allow the
reverse tuple back in, for the time factor specified in the properties of the
firewall ruleset?
I think I read somewhere in the PIX literature that for DNS it does a nifty thing
with its "state" whereby it does a similar thing to FW-1, but only allows the
first correct connection tuple back in; other replies, even if they are in the
correct time window, get dropped.
(Forgive me if Checkpoint are now doing this. I haven't been following their
SPs)
Regards,
Chris.
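
The two behaviours discussed in this message, as an added model that is not part of the original post and not either vendor's code: a UDP pseudo-state table that admits any reverse-tuple packet inside the time window, next to one that admits only the first matching reply. The class and function names, the 40-second timeout, the addresses and the event list are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class UdpStateTable:
    timeout: float = 40.0            # constructed value, stands in for the ruleset property
    first_reply_only: bool = False   # True models the "first reply only" DNS handling
    entries: dict = field(default_factory=dict)

    def outbound(self, now, src, sport, dst, dport):
        # Record the reverse tuple the reply must carry, with an expiry time.
        self.entries[(dst, dport, src, sport)] = now + self.timeout

    def inbound(self, now, src, sport, dst, dport):
        key = (src, sport, dst, dport)
        expiry = self.entries.get(key)
        if expiry is None:
            return "drop"            # no outbound packet ever created this tuple
        if now > expiry:
            del self.entries[key]    # window closed; this model does not refresh it
            return "drop"
        if self.first_reply_only:
            del self.entries[key]    # consume the entry: later replies find nothing
        return "accept"

# Constructed sample traffic: one DNS query leaves, four packets come back.
CLIENT, RESOLVER, OTHER = "10.0.0.5", "192.0.2.53", "198.51.100.9"
INBOUND = [
    (1.0, RESOLVER, 53, CLIENT, 1025),    # genuine reply
    (2.0, RESOLVER, 53, CLIENT, 1025),    # second packet with the same tuple
    (3.0, OTHER, 53, CLIENT, 1025),       # wrong source address
    (100.0, RESOLVER, 53, CLIENT, 1025),  # correct tuple, after the window
]

def verdicts(first_reply_only):
    """Replay the sample traffic and return one verdict per inbound packet."""
    table = UdpStateTable(first_reply_only=first_reply_only)
    table.outbound(0.0, CLIENT, 1025, RESOLVER, 53)
    return [table.inbound(*pkt) for pkt in INBOUND]

if __name__ == "__main__":
    print("time window only :", verdicts(False))
    print("first reply only :", verdicts(True))
```

The only difference between the two runs is the packet at t=2.0: under the window-only policy any packet carrying the right addresses and ports is admitted until the timer expires, while the first-reply policy has already removed the entry.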